package com.woniu.config.security;

import com.woniu.filter.JwtTokenAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsConfigurationSource;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;


@EnableWebSecurity          //加载WebSecurity 配置类 和标志本类是配置类
@EnableGlobalMethodSecurity(prePostEnabled = true)   //采用注解的方式实现鉴权
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


//    @Autowired
//    private MyAuthenticationAcces myAccessDeniedHandler;
    @Autowired
    private JwtTokenAuthenticationFilter getPermsFilter;


    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(HttpMethod.GET,
                "/v2/**",
                "/v3/**",
                "/swagger-resources/**",
                "/configuration/**",
                "/swagger-ui.html/**",
                "/webjars/**",
                "img.icons/**",
                "/doc.html",
                "/home",
                "/customer/receiveCoupon");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {


        http.authorizeRequests().antMatchers("/customer/receiveCoupon").permitAll()
                .antMatchers(HttpMethod.OPTIONS,"/**").permitAll()
                .anyRequest().authenticated();

        http.formLogin()
                //添加异常处理器
                .and().exceptionHandling()
                //设置鉴权失败处理器
//                .accessDeniedHandler(myAccessDeniedHandler)
                //添加自定义处理器
                .and().addFilterBefore(getPermsFilter, UsernamePasswordAuthenticationFilter.class);

        //关闭CSRF跨域
        http.csrf().disable();

        //让session失效
        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

    }


    @Bean
    @Profile("dev")
    CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration configuration = new CorsConfiguration();
        configuration.addAllowedOrigin("Access-Control-Allow-Origin");//修改为添加而不是设置，* 最好改为实际的需要，我这是非生产配置，所以粗暴了一点
        configuration.addAllowedMethod("*");//修改为添加而不是设置
        configuration.addAllowedHeader("*");//这里很重要，起码需要允许 Access-Control-Allow-Origin
        configuration.setAllowCredentials(true);
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", configuration);
        return source;
    }
}
